Re: "Permanent" DST

[Ishmael Rufus]

"where did this bill come from in the first place?"

The whitehouse, Sen. Sheldon Whitehouse (Sponsor), Sen. Marco Rubio
(Co-sponsor)

On Tue, Mar 15, 2022 at 3:47 PM Elmar K. Bins  wrote:

> dedel...@iname.com (Dave) wrote:
>
> > Folks for most systems, this is a change to a single file. Not a really
> hard thing to accomplish
>
> Well...
>
> 1 - I'm surprised anybody is running local timezones on their systems at
> all
>
> 2 - I like how american politics is capable of creating new problems; where
> did this bill come from in the first place? And who's lobbying?
>
> Elmar.
>
>

Re: Texas internet connectivity declining due to blackouts

[Ishmael Rufus]

Maybe Texas can learn from its Northern neighbors.
[image: image.png]

On Mon, Feb 15, 2021 at 10:19 PM Robert Jacobs 
wrote:

> How about letting us Texans have more natural gas power plants or even let
> the gas be delivered to the plants we have so they can provide more power
> in an emergency. Did not help that 20% of our power is now wind which of
> course in an ice storm like we are having is shut off... Lots of issues and
> plenty of politics involved here..
>
> Robert Jacobs​
>  |  Data Center Manager
> 
> Direct:  *832-615-7742* <832-615-7742>
> Mobile:  *281-830-2092* <281-830-2092>
> Main:  832‑615‑8000
> Fax:  *713-510-1650*
> 5959 Corporate Dr. Suite 3300; Houston, TX 77036
> [image: Facebook] 
> [image: LinkedIn] 
> [image: Twitter] 
>  A Certified Woman‑Owned Business
> 24x7x365 Customer Support: 832-615-8000 | supp...@pslightwave.com
>
> ​This electronic message contains information from PS Lightwave which may
> be privileged and confidential. The information is intended to be for the
> use of individual(s) or entity named above. If you are not the intended
> recipient, any disclosure, copying, distribution or use of the contents of
> this information is prohibited. If you have received this electronic
> message in error, please notify me by telephone or e-mail immediately.
> -Original Message-
> From: NANOG  On Behalf
> Of Mark Tinka
> Sent: Monday, February 15, 2021 10:06 PM
> To: nanog@nanog.org
> Subject: Re: Texas internet connectivity declining due to blackouts
>
>
>
> On 2/16/21 04:14, Sean Donelan wrote:
> >
> > Poweroutage.us posted a terrific map, showing the jurisdictional
> > borders of the Texas power outages versus the storm related power
> > outages elsewhere in the country.
> >
> > https://twitter.com/PowerOutage_us/status/1361493394070118402
> >
> >
> > Sometimes infrastructure planning failures are not due to "natural
> > hazards."
>
> I suppose having some kind of home backup solution wouldn't be too bad
> right now, even though you may still not get access to services. But at
> least, you can brew some coffee, and charge your pulse oximetre.
>
> Mark.
>
>

Re: Software Defined Networks

[Ishmael Rufus]

You can start by taking a look at Openflow which embraces the SDN concept.

On Wed, Dec 4, 2019 at 11:57 AM Rod Beck 
wrote:

> Can someone explain what is all the fuss? SDN is like the latest telecom
> craze but the articles do a poor job of explaining the advantages. I seek
> concrete examples.
>
> Regards,
>
> Roderick.
>
>
> Roderick Beck
> VP of Business Development
>
> United Cable Company
>
> www.unitedcablecompany.com
>
> New York City & Budapest
>
> rod.b...@unitedcablecompany.com
>
> 36-70-605-5144
>
>
> [image: 1467221477350_image005.png]
>

Re: sending again in case Zoom didn't email it correctly

[Ishmael Rufus]

I didn't get an outlook notification for this.

On Fri, Mar 15, 2019 at 3:10 PM Matt Harris  wrote:

> Figures it'd be people from Lawrence.  I'm pretty sure everyone there is
> drunk all of the time.  ;)
>
> Although admittedly I only stop in there for drinks when I'm on my way
> back from motorsports events in Topeka.  Definitely a nice little town if
> what you want is a beer.
>
>

Re: Youtube Outage

[Ishmael Rufus]

Should be coming back online

On Tue, Oct 16, 2018 at 9:35 PM Ben Cannon  wrote:

> Confirmed outage in Windsor CA
>
> -Ben
>
> On Oct 16, 2018, at 7:15 PM, Charles Mills  wrote:
>
> The reports I've seen showing it as a worldwide outage.
>
> On Tue, Oct 16, 2018 at 10:14 PM Nathan Brookfield <
> nathan.brookfi...@simtronic.com.au> wrote:
>
>> Australia too….
>>
>>
>>
>> *From:* NANOG  *On Behalf Of *Oliver O'Boyle
>> *Sent:* Wednesday, October 17, 2018 1:08 PM
>> *To:* marshall.euba...@gmail.com
>> *Cc:* North American Network Operators' Group 
>> *Subject:* Re: Youtube Outage
>>
>>
>>
>> Same in Montreal.
>>
>>
>>
>> On Tue, Oct 16, 2018 at 9:52 PM Marshall Eubanks <
>> marshall.euba...@gmail.com> wrote:
>>
>> Reports (and humor) are flooding twitter.
>> On Tue, Oct 16, 2018 at 9:44 PM Ross Tajvar  wrote:
>> >
>> > You beat my email by seconds. Yes, it is widespread.
>> >
>> > On Tue, Oct 16, 2018 at 9:39 PM, Kenneth McRae via NANOG <
>> nanog@nanog.org> wrote:
>> >>
>> >> Is this widespread?
>> >
>> >
>>
>>
>>
>>
>> --
>>
>> :o@>
>>
>>
>>
>

Re: Domain renawals

[Ishmael Rufus]

$9.88 for commercial domains seems under the average from what I've seen
from other registrars

On Mon, Sep 19, 2016 at 12:19 PM, Jeff Jones  wrote:

> Hello All,
>
> Sorry if this is low level. But are people sick of registrars jacking up
> prices? Who is the cheapest and most reliable? I have been using whois.com
> ,
> networksolutions.com and am looking for input on who is cheap, secure,
> reliable registrar. Thanks for your input.
>
> ~Jeff
>

Re: Speedtest.net not accessible in Chrome due to deceptive ads

[Ishmael Rufus]

http://www.measurementlab.net/tools/ndt/

100% ad free.

On Wed, Jul 20, 2016 at 7:55 AM, Janusz Jezowicz 
wrote:

> It seems that some users reporting the site is back. I am counting 6+ hours
> of outage.
>
> Alan - what you describe is something normal user will never do. When user
> sees red screen like that, he runs screaming. So in theory yes, it was
> accessible, but ... wasn't.
>
> Its hard to avoid Google nanny when they offer so many useful services
>
>
>
> On 20 July 2016 at 14:09,  wrote:
>
> > Hi,
> >
> > > Since this morning Speedtest.net is not accessible in Chrome
> > > Reason:
> > >
> >
> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net
> >
> > someones complained about the URL based on them stupidly installing
> > 'cleanmymac' or such?
> >
> > use the non flash junk HTML5 version instead
> >
> > http://beta.speedtest.net/
> >
> > still bleats about "Deceptive site ahead"
> >
> > and PS "is not accessible in Chrome" - not true.
> >
> > click DETAILS,  then click on
> >
> > visit this unsafe site.
> >
> > (with the pre-condition of " if you understand the risks to your
> security"
> >
> >
> > I personally dont want or need Google to start being my nanny on the
> > internet  :/
> >
> >
> > alan
> >
> > PS you may have other interests involved here given your affiliation to
> > speedchecker.xyz
> >
>

Re: Network Weathermap

[Ishmael Rufus]

You could probably build the converter in PHP and make it a plugin of
weathermap.

You kids and your Python :)

On Thu, Apr 28, 2016 at 1:32 PM, James Bensley  wrote:

> Hi all,
>
> I know its been a while since I posted this thread, I've been swamped.
> Finally I'm getting time to look back at this. I think I had 0 on-list
> replies and about 10 off-list private replies, so clearly others are having
> the same problem but not speaking openly about it.
>
> There were two main themes in the off list replies;
>
> 1. Several people are drawing in a tool like Visio and then importing the
> picture as a background to the weathermap plugin and adding the links and
> nodes over the top.
>
> 2. A couple of people were drawing in something else other than Visio that
> would spit out files containing objects and coordinates and then had
> written scripts to convert those coordinates to Weathermap plugin file
> format.
>
> Method 1 is OK, I really want it to be less hassle than that so 2 seems
> like the best idea. Only one person would share their conversion script
> with me briefly on PasteBin then it expired and it wasn't for Visio format
> files, so I didn't save it.
>
> Having a quick play in Visio just now the files are saved as XML formatted
> X/Y axis values. Bit of a Python novice but I'm thinking I could basically
> ingest a Visio file and parse the the XML and then iterate over it
> converting each "object" into weathermap syntax.
>
> That isn't too difficult however for the maps to be any good I need to
> think about the "via" feature for links in Weathermap to map them  more
> clearly if they cross over each other. There might still also be a lot of
> hackery when it comes to mapping the imported nodes and links to actual
> ones in Cacti. It might be that you have to match all the imported nodes
> and links to RRDs the first time you import the diagram then on all future
> imports just new links and nodes.
>
> Before I commit the time to this, has anyone done this already or is anyone
> a absolute Lord of Python who wants to do it quicker than I can do it? :)
>
> Cheers,
> James.
>

Re: Anonymous Threats

[Ishmael Rufus]

I'll keep a look out

On Sun, Jan 10, 2016, 5:02 PM Eric Rogers  wrote:

> Our local community has recently had threats where the user has a
> FaceBook profile and is threatening the schools, and several surrounding
> schools, saying he is going to shoot everyone and blow them up... This
> is an investigation, but it is getting out of hand.  Several police/FBI
> raids, but yielded no results, and/or did not catch the right person.
> He/she is taunting them, local and federal.
>
>
>
> I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> something similar.  Is there any way to sniff for that type of traffic
> on my network?  I want to make sure that they are not using us as the
> source.
>
>
>
> Any thoughts on how to catch this person?  Even if it isn't us, and it
> is somewhere else I would like to put a stop to it.  Preferably off-list
> if you do respond...
>
>
>
> Thanks in advance.
>
>
>
> Eric Rogers
>
>
>
>
>
> www.pdsconnect.me
>
> (317) 831-3000 x200
>
>
>
>

Re: Mozilla Cert expired today :P

[Ishmael Rufus]

Hit Ctrl+F5

On Mon, Dec 7, 2015 at 8:50 AM, Alexander Maassen 
wrote:

> Kinda funny and perhaps offtopic, but I noticed the cert for mozilla.org
> expired right before my eyes when checking my plugins.
>
>

Re: Colo space at Cermak

[Ishmael Rufus]

The company who has the worlds most played online multiplayer game moved
their servers to Chicago back in late August. Maybe that affected prices?

On Fri, Nov 13, 2015, 12:45 PM Greg Sowell  wrote:

> I would guess it has to do with competing with your landlord now.  I know
> it's starting to happen more and more.
>
> On Thu, Nov 12, 2015 at 8:32 PM, Mike Hammett  wrote:
>
> > Has something happened the past couple months to cause a quick shortage
> of
> > space at Cermak? I had an offer sent a few months ago (when I didn't need
> > it) where a cab and five cross connects were cheaper than what five cross
> > connects normally are, much less the cabinet value as well. Around that
> > time I think cabinets were going for $700 or so for basic
> primary\redundant
> > 20A. Now the cabinet is going for $1,800. It went from being the cheapest
> > I've seen at Cermak to the most I've seen at Cermak in a matter of a few
> > months. Two people with space in that building are citing an uptick in
> > demand. Really? That much of a demand increase with hundreds of thousands
> > of square feet coming online in the Chicago metro?
> >
> > Can anyone corroborate that story or are they just making stuff up hoping
> > I agree to inflated cabinet prices?
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> >
> >
> > Midwest Internet Exchange
> > http://www.midwest-ix.com
> >
> >
> >
> >
>
>
> --
>
> GregSowell.com
> TheBrothersWISP.com
>

Re: Uptick in spam

[Ishmael Rufus]

Hey!

Maybe this is relevant:


On Mon, Oct 26, 2015 at 11:14 AM, Paras  wrote:

> I see it too, there are some 517 messages in my spam folder "New message"
>
> Most of them get blocked, but a small fraction are still making it into my
> inbox
>
>
> On 10/25/2015 12:13 AM, anthony kasza wrote:
>
>> Has there been a recent uptick in crap sent to the list or is it just me?
>> Is there anything that we can do to filter these messages with junk links?
>>
>> -AK
>>
>
>
>

Re: spam smackdown?

[Ishmael Rufus]

"It looks like someone's trying to make a point"

Must be an Outlook exploit affected several clients.

On Sat, Oct 24, 2015 at 9:39 PM, Scott Weeks  wrote:

>
>
> It looks like someone's trying to make a point.
>
> -
> New message, please read 
> ---
>
> scott
>

Re: Fw: new message

[Ishmael Rufus]

omg. The horror

On Sun, Oct 25, 2015, 12:04 AM Abdulkadir Egal  wrote:

> Hey!
>
>
>
> New message, please read 
>
>
>
> Abdulkadir Egal
>
>

Re: The US government has betrayed the Internet. We need to take it back

[Ishmael Rufus]

So when do we riot? I've been waiting for months now.


On Fri, Sep 6, 2013 at 8:50 AM, Jorge Amodio jmamo...@gmail.com wrote:

   The US government has betrayed the Internet. We need to take it back

   
  
   Who is we ?
 
  If you bothered to read the 1st paragraph you would know.
 

 I read all of it, the original article and other references to it.

 IMHO, there is no amount of engineering that can fix stupid people doing
 stupid things on both sides of the stupid lines.

 By trying to fix what is perceived an engineering issue (seems that China
 doing the same or worse for many years wasn't an engineering problem) the
 only result you will obtain is a budget increase on the counter-engineering
 efforts, that may represent a big chunk of money that can be used in more
 effective ways where it is really needed.

 My .02
 -J

Re: PRISM: NSA/FBI Internet data mining project

[Ishmael Rufus]

So when are we rioting?


On Fri, Jun 7, 2013 at 7:14 PM, Nick Khamis sym...@gmail.com wrote:

 Tax payer money.. :)

 On 6/7/13, Mark Seiden m...@seiden.com wrote:
  what a piece of crap this article is.
 
  the guy doesn't understand what sniffing can and can't do.  obviously he
  doesn't understand peering or routing, and he doesn't understand what
 cdns
  are for.
 
  he doesn't understand the EU safe harbor, saying it applies to govt
  entitites, when it's purely about companies hosting data of EU citizens.
 
  he quotes a source who suggests that the intel community might have
  privileged search access to facebook, which i don't believe.
 
  he even says company-owned equipment might refer to the NSA, which i
  thought everybody calls the agency so to not confuse with the CIA.
 
  and he suggests that these companies might have given up their master
  decryption keys (as he terms them) so that USG could decrypt SSL.
 
  and the $20M cost per year, which would only pay for something the size
 of a
  portal or a web site, well, that's mysterious.
 
  sheesh.
 
  this is not journalism.
 
 
  On Jun 7, 2013, at 3:54 PM, Paul Ferguson fergdawgs...@gmail.com
 wrote:
 
  Also of interest:
 
 
 http://www.guardian.co.uk/world/2013/jun/07/nsa-prism-records-surveillance-questions
 
  - ferg
 
 
  On Fri, Jun 7, 2013 at 3:49 PM, Michael Hallgren m.hallg...@free.fr
  wrote:
 
  Le 07/06/2013 19:10, Warren Bailey a écrit :
  Five days ago anyone who would have talked about the government having
  this capability would have been issued another tin foil hat. We think
 we
  know the truth now, but why hasn't echelon been brought up? I'm not
  calling anyone a liar, but isn't not speaking the truth the same
 thing?
 
 
  ;-)
 
  mh
 
 
 
  Sent from my Mobile Device.
 
 
   Original message 
  From: Matthew Petach mpet...@netflight.com
  Date: 06/07/2013 9:34 AM (GMT-08:00)
  To:
  Cc: NANOG nanog@nanog.org
  Subject: Re: PRISM: NSA/FBI Internet data mining project
 
 
  On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach
  mpet...@netflight.comwrote:
 
 
  On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com
 wrote:
 
  Has fingers directly in servers of top Internet content companies,
  dates to 2007.  Happily, none of the companies listed are transport
  networks:
 
 
 
 http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
 
  Cheers,
  -- jra
  --
  Jay R. Ashworth  Baylink
  j...@baylink.com
  Designer The Things I Think
  RFC
  2100
  Ashworth  Associates http://baylink.pitas.com 2000
 Land
  Rover DII
  St Petersburg FL USA   #natog  +1
 727
  647 1274
 
 
  I've always just assumed that if it's in electronic form,
  someone else is either reading it now, has already read
  it, or will read it as soon as I walk away from the screen.
 
  Much less stress in life that way.  ^_^
 
  Matt
 
 
  When I posted this yesterday, I was speaking somewhat
  tongue-in-cheek, because we hadn't yet made a formal
  statement to the press.  Now that we've made our official
  reply, I can echo it, and note that whatever fluffed up
  powerpoint was passed around to the washington post,
  it does not reflect reality.  There are no optical taps in
  our datacenters funneling information out, there are no
  sooper-seekret backdoors in the software that funnel
  information to the government.  As our formal reply
  stated: Yahoo does not provide the government with
  direct access to its servers, systems, or network.
  I believe the other major players supposedly listed
  in the document have released similar statements,
  all indicating a similar lack of super-cheap government
  listening capabilities.
 
  Speaking just for myself, and if you quote me on this
  as speaking on anyone else's behalf, you're a complete
  fool, if the government was able to build infrastructure
  that could listen to all the traffic from a major provider
  for a fraction of what it costs them to handle that traffic
  in the first place, I'd be truly amazed--and I'd probably
  wonder why the company didn't outsource their infrastruture
  to the government, if they can build and run it so much
  more cheaply than the commercial providers.  ;P
  7 companies were listed; if we assume the
  burden was split roughly evenly between them, that's
  20M/7, about $2.85M per company per year to tap in,
  or about $238,000/month per company listed, to
  supposedly snoop on hundreds of gigs per second
  of data.  Two ways to handle it: tap in, and funnel
  copies of all traffic back to distant monitoring posts,
  or have local servers digesting and filtering, just
  extracting the few nuggets they want, and sending
  just those back.
 
  Let's take the first case; doing optical taps, or other
  form of direct traffic mirroring, 

Re: PRISM: NSA/FBI Internet data mining project

[Ishmael Rufus]

Yeah... so when are we rioting? Because they'll just continue to make laws
that circumvent the constitution.


On Fri, Jun 7, 2013 at 8:20 PM, Owen DeLong o...@delong.com wrote:

 Dan,

 While the government has no responsibility to protect my data, they do
 have a responsibility to respect my privacy. While you are correct in that
 proper personal security procedures to protect my data from random crackers
 would, in fact, also protect it from the government, that's a far cry from
 what is at issue here.

 The question here is whether or not it should be considered legitimate for
 the US Government to completely ignore the fourth and fifth amendments to
 the constitution and build out unprecedented surveillance capabilities
 capturing vast amounts of data without direct probable cause for that
 snooping.

 I'm not so much concerned about them gaining access to data I don't want
 them to access. I am far more disturbed by the trend which reflects a
 government which increasingly considers itself unrestrained by the laws it
 is in place to support and implement.

 Owen

 On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote:

  On 06/07/13 11:11 -0400, Rob McEwen wrote:
  On 6/7/2013 9:50 AM, Dan White wrote:
  OpenPGP and other end-to-end protocols protect against all nefarious
  actors, including state entities. I'll admit my first reaction
 yesterday
  after hearing this news was - so what? Network security by its nature
  presumes that an insecure channel is going to be attacked and
  compromised.  The 4th Amendment is a layer-8 solution to a problem that
  is better solved lower in the stack.
 
  That is JUST like saying...
 
  || now that the police can freely bust your door down and raid your
  house in a fishing expedition, without a search warrant, without court
  order, and  without probable cause... the solution is for you to get a
  stronger metal door and hide all your stuff better.||
 
  Hiding stuff better is generally good security practice, particularly in
  the absence of a search warrant. How effective those practices are is
  really what's important.
 
  From a data standpoint, those security procedures can be highly
  effective, even against law enforcement. But it's not law enforcement
 that
  I worry about the most (understandably, you may have a differing
 opinion);
  It's the random anonymous cracker who isn't beholden to any international
  laws or courts. I design my personal security procedures for him.
 
  That's why I don't, say, send passwords in emails. I don't trust state
  entities to protect the transmission of that data. I don't wish to place
  that burden on them.
 
  You're basically saying that it is OK for governments to defy their
  constitutions and trample over EVERYONE's rights, and that is OK since a
  TINY PERCENTAGE of experts will have exotic means to evade such
  trampling. But to hell with everyone else. They'll just have to become
  good little subjects to the State.  If grandma can't do PGP, then she
  deserves it, right?
 
  I believe it's your responsibility to protect your own data, not the
  government's, and certainly not Facebook's.
 
  Yet... many people DIED to initiate/preserve/codify such human rights...
  but I guess others just give them away freely. What a shame. Ironically,
  many who think this is no big deal have themselves benefited immensely
  from centuries of freedom and prosperity that resulted from rule of
  law and the U.S. Constitution/Bill of Rights.
 
  Freedom is very important to me, as well as the laws that are in place to
  protect them.
 
  --
  Dan White

List of Comcast speeds in Chicago, IL (North side near I-94: Addisson/Irving Park/ area)

[Ishmael Rufus]

Could someone help verify the listed speeds for the different services
for Comcast:

Performance - 20mbps (Customer support is claiming it's now 15mbps)
Blast - 30 mbps (Customer support is claiming it's now 20 mbps)

I was getting 20+ download speed tests on Performance which is correct.
When I told customer support I was getting half (because of packet loss)
they brought this other information to my attention

Re: DNS poisoning at Google?

[Ishmael Rufus]

I'll take files that shouldn't have level 7 permissions for $400 alex.

On Wed, Jun 27, 2012 at 2:09 AM, Bryan Irvine sparcta...@gmail.com wrote:

 The fun part will be figuring out how it got there. :)

 Sent from my iPhone

 On Jun 27, 2012, at 12:06 AM, Matthew Black matthew.bl...@csulb.edu
 wrote:

  We found the aberrant .htaccess file and have removed it. What a mess!
 
  matthew black
  information technology services
  california state university, long beach
 
  From: Grant Ridder [mailto:shortdudey...@gmail.com]
  Sent: Tuesday, June 26, 2012 11:02 PM
  To: Matthew Black; nanog@nanog.org
  Cc: Jeremy Hanmer
  Subject: Re: DNS poisoning at Google?
 
  It also redirects with facebook, youtube, and ebay but NOT amazon.
 
  -Grant
 
  On Wed, Jun 27, 2012 at 12:57 AM, Matthew Black matthew.bl...@csulb.edu
 mailto:matthew.bl...@csulb.edu wrote:
  Our web lead was able to run curl. Thanks.
 
  matthew black
  information technology services
  california state university, long beach
 
  From: Grant Ridder [mailto:shortdudey...@gmail.commailto:
 shortdudey...@gmail.com]
  Sent: Tuesday, June 26, 2012 10:53 PM
  To: Matthew Black
  Cc: Landon Stewart; nanog@nanog.orgmailto:nanog@nanog.org; Jeremy
 Hanmer
 
  Subject: Re: DNS poisoning at Google?
 
  Matt, what happens you get on a subnet that can access the webservers
 directly and bypass the load balancer.  Try curl then and see if its
 something w/ the webserver or load balancer.
 
  -Grant
  On Wed, Jun 27, 2012 at 12:40 AM, Matthew Black matthew.bl...@csulb.edu
 mailto:matthew.bl...@csulb.edu wrote:
  Thanks again to everyone who helped. I didn't know what to enter with
 curl, because Outlook clobbered the line breaks in Jeremy's original
 message.
 
  Also, curl failed on our primary webserver because of firewall and load
 balancer magic settings. The Telnet method worked better!
 
  Our team is now scouring for that hidden redirect to couchtarts.
 
  matthew black
  information technology services
  california state university, long beach
 
  From: Landon Stewart [mailto:lstew...@superb.netmailto:
 lstew...@superb.net]
  Sent: Tuesday, June 26, 2012 10:37 PM
  To: Matthew Black
  Cc: Jeremy Hanmer; nanog@nanog.orgmailto:nanog@nanog.org
  Subject: Re: DNS poisoning at Google?
  There is definitely a 301 redirect.
 
  $ curl -I --referer http://www.google.com/ http://www.csulb.edu/
  HTTP/1.1http://www.csulb.edu/%0d%0aHTTP/1.1 301 Moved Permanently
  Date: Wed, 27 Jun 2012 05:36:31 GMT
  Server: Apache/2.0.63
  Location: http://www.couchtarts.com/media.php
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
  On 26 June 2012 22:05, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edumailto:matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
  Google Webtools reports a problem with our HOMEPAGE /. That page is
 not redirecting anywhere.
  They also report problems with some 48 other primary sites, none of
 which redirect to the offending couchtarts.
 
  matthew black
  information technology services
  california state university, long beach
 
 
 
 
  -Original Message-
  From: Jeremy Hanmer [mailto:jeremy.han...@dreamhost.commailto:
 jeremy.han...@dreamhost.commailto:jeremy.han...@dreamhost.commailto:
 jeremy.han...@dreamhost.com]
  Sent: Tuesday, June 26, 2012 9:58 PM
  To: Matthew Black
  Cc: nanog@nanog.orgmailto:nanog@nanog.orgmailto:nanog@nanog.org
 mailto:nanog@nanog.org
  Subject: Re: DNS poisoning at Google?
  It's not DNS.  If you're sure there's no htaccess files in place, check
 your content (even that stored in a database) for anything that might be
 altering data based on referrer.  This simple test shows what I mean:
  Airy:~ user$ curl -e 'http://google.com' csulb.eduhttp://csulb.edu
 http://csulb.edu !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 htmlhead
  title301 Moved Permanently/title
  /headbody
  h1Moved Permanently/h1
  pThe document has moved a href=http://www.couchtarts.com/media.php
 here/a./p
  /body/html
 
  Running curl without the -e argument gives the proper site contents.
  On Jun 26, 2012, at 9:24 PM, Matthew Black matthew.bl...@csulb.edu
 mailto:matthew.bl...@csulb.edumailto:matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
 
  Running Apache on three Solaris webservers behind a load balancer. No
 MS Windows!
 
  Not sure how malicious software could get between our load balancer and
 Unix servers. Thanks for the tip!
 
  matthew black
  information technology services
  california state university, long beach
 
 
 
  From: Landon Stewart [mailto:lstew...@superb.netmailto:
 lstew...@superb.netmailto:lstew...@superb.netmailto:lstew...@superb.net
 ]
  Sent: Tuesday, June 26, 2012 9:07 PM
  To: Matthew Black
  Cc: nanog@nanog.orgmailto:nanog@nanog.orgmailto:nanog@nanog.org
 mailto:nanog@nanog.org
  Subject: Re: DNS poisoning at Google?
 
  Is it possible that some malicious software is listening and injecting
 a redirect on the wire?  We've seen this before 

Re: DNS poisoning at Google?

[Ishmael Rufus]

I'm glad I'm not the only one that miss this one:

http://www.csulb.edu

It is in his signature and email address as well ;)



On Tue, Jun 26, 2012 at 11:04 PM, Sadiq Saif sa...@asininetech.com wrote:

 Accidentally sent that to Matthew only,

 mind sharing the domain name?

 On Tue, Jun 26, 2012 at 11:53 PM, Matthew Black matthew.bl...@csulb.edu
 wrote:
  Google Safe Browsing and Firefox have marked our website as containing
 malware. They claim our home page returns no results, but redirects users
 to another compromised website couchtarts.com.
 
  We have thoroughly examined our root .htaccess and httpd.conf files and
 are not redirecting to the problem target site. No recent changes either.
 
  We ran some NSLOOKUPs against various public DNS servers and
 intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach
  www.csulb.eduhttp://www.csulb.edu
 



 --
 Sadiq S
 O ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: DNS poisoning at Google?

[Ishmael Rufus]

I am also getting the same issue when accessing his website.

On Tue, Jun 26, 2012 at 11:07 PM, Landon Stewart lstew...@superb.netwrote:

 Is it possible that some malicious software is listening and injecting a
 redirect on the wire?  We've seen this before with a Windows machine being
 infected.

 On 26 June 2012 20:53, Matthew Black matthew.bl...@csulb.edu wrote:

  Google Safe Browsing and Firefox have marked our website as containing
  malware. They claim our home page returns no results, but redirects users
  to another compromised website couchtarts.com.
 
  We have thoroughly examined our root .htaccess and httpd.conf files and
  are not redirecting to the problem target site. No recent changes either.
 
  We ran some NSLOOKUPs against various public DNS servers and
  intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach
  www.csulb.eduhttp://www.csulb.edu
 
 


 --
 Landon Stewart lstew...@superb.net
 Sr. Administrator
 Systems Engineering
 Superb Internet Corp - 888-354-6128 x 4199
 Web hosting and more Ahead of the Rest: http://www.superbhosting.net

Re: DNS poisoning at Google?

[Ishmael Rufus]

Have you tried using Google Webmaster tools?

On Tue, Jun 26, 2012 at 11:28 PM, Matthew Black matthew.bl...@csulb.eduwrote:

 Running Apache on three Solaris servers behind a load balancer.

 I forgot how to lookup our AS number to see if it matches couchtarts.

 matthew black
 information technology services
 california state university, long beach


 -Original Message-
 From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com]
 Sent: Tuesday, June 26, 2012 9:14 PM
 To: nanog@nanog.org
 Subject: RE: DNS poisoning at Google?

 Typically if google were pulling your site sometimes from the wrong IP,
 their safe browsing page should indicate it being on another AS number in
 addition to the correct one 2152:

 http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http
 ://www.csulb.edu

 For example, the couchtarts site they claim yours is redirecting to:

 http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http
 ://www.couchtarts.com

 That site's DNS is screwed up and some requests are sent to a different IP
 at a different host, so Google picked up both AS numbers.

 Could one of your domain's subdomains be what is actually infected?  You
 seem to have a bunch of them, maybe google is penalizing the whole domain
 over a subdomain?  Not sure if they do that or not.

 If your sites are running off of an application like wordpress, etc., you
 may not get the same page that google gets and the application may have
 been hacked.
 Here's a wget command you can use to make requests to your site pretending
 to be google:

 wget -c \
 --user-agent=Mozilla/5.0 (compatible; Googlebot/2.1;
 +http://www.google.com/bot.html) \
 --output-document=googlebot.html 'http://www.csulb.edu'

 nanog will probably line wrap that user agent line making it not correct
 so you'll have to put it back together correctly.  It will save the output
 to a file named googlebot.html you can look at to see if anything weird
 ends up being served.

 David


  -Original Message-
  From: Matthew Black [mailto:matthew.bl...@csulb.edu]
  Sent: Tuesday, June 26, 2012 11:53 PM
  To: nanog@nanog.org
  Subject: DNS poisoning at Google?
 
  Google Safe Browsing and Firefox have marked our website as containing
  malware. They claim our home page returns no results, but redirects
  users to another compromised website couchtarts.com.
 
  We have thoroughly examined our root .htaccess and httpd.conf files
  and are not redirecting to the problem target site. No recent changes
  either.
 
  We ran some NSLOOKUPs against various public DNS servers and
  intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been
  poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach
  www.csulb.eduhttp://www.csulb.edu
 
 
 

Re: [MailServer Notification]Web Reputation Notification

[Ishmael Rufus]

Access the site via domain name: SaferBrowsing message
Access the site via IP: works fine.

Interesting...

On Tue, Jun 26, 2012 at 11:36 PM, Administrator
administra...@do.not.replywrote:

 www.couchtarts.com has been detected as
 suspicious URLs,and Tag and deliver has been
 taken on 6/26/2012 10:36:04 PM.
 Message details:
 Server: MAIL
 Sender: matthew.bl...@csulb.edu;
 Recipient: sakam...@gmail.com;nanog@nanog.org;
 Subject: Suspicious URL: RE: DNS poisoning at Google?

Re: [MailServer Notification]Web Reputation Notification

[Ishmael Rufus]

Looks like it is fixed. slowbro.jpg

On Tue, Jun 26, 2012 at 11:44 PM, Ishmael Rufus sakam...@gmail.com wrote:

 Access the site via domain name: SaferBrowsing message
 Access the site via IP: works fine.

 Interesting...


 On Tue, Jun 26, 2012 at 11:36 PM, Administrator 
 administra...@do.not.reply wrote:

 www.couchtarts.com has been detected as
 suspicious URLs,and Tag and deliver has been
 taken on 6/26/2012 10:36:04 PM.
 Message details:
 Server: MAIL
 Sender: matthew.bl...@csulb.edu;
 Recipient: sakam...@gmail.com;nanog@nanog.org;
 Subject: Suspicious URL: RE: DNS poisoning at Google?

Re: [MailServer Notification]Web Reputation Notification

[Ishmael Rufus]

IIRC Google safe browsing should be using its own DNS. Nevertheless, my
experience with Google's DNS is that it takes at least 2 hours before DNS
records would update.

If anyone knows more feel free to shed any light on Google's DNS and Google
SafeBrowsing.

On Tue, Jun 26, 2012 at 11:51 PM, Matthew Black matthew.bl...@csulb.eduwrote:

  Yes, isn’t it! What DNS server does Google Safe Browsing use?

 ** **

 matthew black

 information technology services

 california state university, long beach

 ** **

 ** **

 ** **

 *From:* Ishmael Rufus [mailto:sakam...@gmail.com]
 *Sent:* Tuesday, June 26, 2012 9:45 PM
 *To:* Matthew Black
 *Cc:* nanog@nanog.org
 *Subject:* Re: [MailServer Notification]Web Reputation Notification

 ** **

 Access the site via domain name: SaferBrowsing message

 Access the site via IP: works fine.

 ** **

 Interesting...

 On Tue, Jun 26, 2012 at 11:36 PM, Administrator 
 administra...@do.not.reply wrote:

 www.couchtarts.com has been detected as
 suspicious URLs,and Tag and deliver has been
 taken on 6/26/2012 10:36:04 PM.
 Message details:
 Server: MAIL
 Sender: matthew.bl...@csulb.edu;
 Recipient: sakam...@gmail.com;nanog@nanog.org;
 Subject: Suspicious URL: RE: DNS poisoning at Google?

 ** **

Re: DNS poisoning at Google?

[Ishmael Rufus]

Invoking the referrer on your site recommends a redirect to couchtarts. I
agree with Jeremy and Jeff check your htaccess files, conf files and
anything that  calls RewriteCond or Rewrite

On Wed, Jun 27, 2012 at 12:05 AM, Matthew Black matthew.bl...@csulb.eduwrote:

 Google Webtools reports a problem with our HOMEPAGE /. That page is not
 redirecting anywhere.
 They also report problems with some 48 other primary sites, none of which
 redirect to the offending couchtarts.

 matthew black
 information technology services
 california state university, long beach





 -Original Message-
 From: Jeremy Hanmer [mailto:jeremy.han...@dreamhost.com]
 Sent: Tuesday, June 26, 2012 9:58 PM
 To: Matthew Black
 Cc: nanog@nanog.org
 Subject: Re: DNS poisoning at Google?

 It's not DNS.  If you're sure there's no htaccess files in place, check
 your content (even that stored in a database) for anything that might be
 altering data based on referrer.  This simple test shows what I mean:

 Airy:~ user$ curl -e 'http://google.com' csulb.edu !DOCTYPE HTML PUBLIC
 -//IETF//DTD HTML 2.0//EN htmlhead
 title301 Moved Permanently/title
 /headbody
 h1Moved Permanently/h1
 pThe document has moved a href=http://www.couchtarts.com/media.php
 here/a./p
 /body/html

 Running curl without the -e argument gives the proper site contents.

 On Jun 26, 2012, at 9:24 PM, Matthew Black matthew.bl...@csulb.edu
 wrote:

  Running Apache on three Solaris webservers behind a load balancer. No MS
 Windows!
 
  Not sure how malicious software could get between our load balancer and
 Unix servers. Thanks for the tip!
 
  matthew black
  information technology services
  california state university, long beach
 
 
 
  From: Landon Stewart [mailto:lstew...@superb.net]
  Sent: Tuesday, June 26, 2012 9:07 PM
  To: Matthew Black
  Cc: nanog@nanog.org
  Subject: Re: DNS poisoning at Google?
 
  Is it possible that some malicious software is listening and injecting a
 redirect on the wire?  We've seen this before with a Windows machine being
 infected.
  On 26 June 2012 20:53, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
  Google Safe Browsing and Firefox have marked our website as containing
 malware. They claim our home page returns no results, but redirects users
 to another compromised website couchtarts.comhttp://couchtarts.com.
 
  We have thoroughly examined our root .htaccess and httpd.conf files and
 are not redirecting to the problem target site. No recent changes either.
 
  We ran some NSLOOKUPs against various public DNS servers and
 intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach
  www.csulb.eduhttp://www.csulb.eduhttp://www.csulb.edu
 
 
 
  --
  Landon Stewart lstew...@superb.netmailto:lstew...@superb.net
  Sr. Administrator
  Systems Engineering
  Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more Ahead
  of the Rest:
  http://www.superbhosting.nethttp://www.superbhosting.net/
 

Re: Megaupload.com seized

[Ishmael Rufus]

It's your typical FBI raid operation.

Arrest everyone and seize all electronics.

Then ask questions, weeks later.

On Thu, Jan 19, 2012 at 5:44 PM, ja...@smithwaysecurity.com
ja...@smithwaysecurity.com wrote:
 You guys serous,  when did the order come in to sezie the domain?

 Sent from my HTC

 - Reply message -
 From: Ryan Gelobter rya...@atwgpc.net
 To: NANOG nanog@nanog.org
 Subject: Megaupload.com seized
 Date: Thu, Jan 19, 2012 6:41 pm


 The megaupload.com domain was seized today, has anyone noticed significant
 drops in network traffic as a result?

 http://www.scribd.com/doc/78786408/Mega-Indictment
 http://techland.time.com/2012/01/19/feds-shut-down-megaupload-com-file-sharing-website/

Re: Megaupload.com seized

[Ishmael Rufus]

That doesn't stop the power of our US government.

On Thu, Jan 19, 2012 at 5:53 PM, ja...@smithwaysecurity.com
ja...@smithwaysecurity.com wrote:
 Wow, what suprised the servers were, all located offshore.

 Sent from my HTC

 - Reply message -
 From: Paul Graydon p...@paulgraydon.co.uk
 To: nanog@nanog.org
 Subject: Megaupload.com seized
 Date: Thu, Jan 19, 2012 7:27 pm


 On 01/19/2012 12:41 PM, Ryan Gelobter wrote:
 The megaupload.com domain was seized today, has anyone noticed significant
 drops in network traffic as a result?

 http://www.scribd.com/doc/78786408/Mega-Indictment
 http://techland.time.com/2012/01/19/feds-shut-down-megaupload-com-file-sharing-website/
 Ars Technica are implying it was quite a source of bandwidth usage within 
 companies.  I'm curious, are any interesting charts on an ISP side?

 http://arstechnica.com/business/news/2012/01/before-shutdown-megaupload-ate-up-more-corporate-bandwidth-than-dropbox.ars

Re: IP addresses are now assets

[Ishmael Rufus]

I have acres on the moon that are up for sale.

On Fri, Dec 2, 2011 at 11:18 AM, Christopher J. Pilkington c...@0x1.net wrote:
 On Dec 1, 2011, at 23:04, Michael R. Wayne wa...@staff.msen.com wrote:

 After negotiating with multiple prospective buyers, Cerner Corp.
   agreed to buy the Internet addresses for $12 each. Other bids were
   as low as $1.50 each, according to a bankruptcy court filing.

 Clearly the addresses with the last octet of 00 and ff should be
 discounted, since no one wants to be zero, and ff just seems to get
 everyone's attention.

 -cjp

Broadband providers in downtown Chicago

[Ishmael Rufus]

Our company is in a building at 200 w. Monroe and we have difficulty
finding an internet service provider that could at least provide
1Mbps+ Upload bandwidth that is not Cogent Communications.

Is it really this difficult finding a decent internet service provider
in downtown Chicago?